A colleague of mine wanted to enjoy the powerful features of my CPU but I don't trust him enough to give a shell on my computer. This program expects to receive a raw shellcode or a shared library, and executes it inside a seccomp-bpf sandbox.
The following syscalls are allowed by seccomp-bpf:
rt_sigreturn,exit,exit_group,read,write,mmap,mprotect,getcwd.
memdlopen (https://github.com/m1m1x/memdlopen) is used to load a dynamic library from memory. Despite being a proof of concept, the idea is awesome and it works great. (The code has been heavily rewritten to be a little bit more readable).
CPU time and memory are limited thanks to alarm and rlimits.
Tested on Ubuntu 14.04.2 LTS (ld-2.19.so).